package org.eclipse.jgit.transport;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator;
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.transport.AmazonS3;
import org.eclipse.jgit.util.Base64;

/* loaded from: input_file:org/eclipse/jgit/transport/WalkEncryption.class */
abstract class WalkEncryption {
    static final WalkEncryption NONE = new NoEncryption(null);
    static final String JETS3T_CRYPTO_VER = "jets3t-crypto-ver";
    static final String JETS3T_CRYPTO_ALG = "jets3t-crypto-alg";

    /* loaded from: input_file:org/eclipse/jgit/transport/WalkEncryption$JGitV1.class */
    static class JGitV1 extends SymmetricEncryption {
        static final String VERSION = "1";

        static Properties wrap(String str, String str2) {
            Properties properties = new Properties();
            properties.put(AmazonS3.Keys.CRYPTO_ALG, str);
            properties.put(AmazonS3.Keys.CRYPTO_VER, VERSION);
            properties.put("password", str2);
            properties.put(String.valueOf(str) + Keys.X_ALGO, str);
            properties.put(String.valueOf(str) + Keys.X_KEY_ALGO, str);
            properties.put(String.valueOf(str) + Keys.X_KEY_ITER, DEFAULT_KEY_ITER);
            properties.put(String.valueOf(str) + Keys.X_KEY_SIZE, DEFAULT_KEY_SIZE);
            properties.put(String.valueOf(str) + Keys.X_KEY_SALT, DEFAULT_KEY_SALT);
            return properties;
        }

        JGitV1(String str, String str2) throws GeneralSecurityException {
            super(wrap(str, str2));
            if (!Pattern.compile(Vals.REGEX_PBE).matcher(this.cipherAlgo.toUpperCase(Locale.ROOT)).matches()) {
                throw new GeneralSecurityException(JGitText.get().encryptionOnlyPBE);
            }
        }
    }

    /* loaded from: input_file:org/eclipse/jgit/transport/WalkEncryption$JGitV2.class */
    static class JGitV2 extends SymmetricEncryption {
        static final String VERSION = "2";

        JGitV2(Properties properties) throws GeneralSecurityException {
            super(properties);
        }
    }

    /* loaded from: input_file:org/eclipse/jgit/transport/WalkEncryption$JetS3tV2.class */
    static class JetS3tV2 extends WalkEncryption {
        static final String VERSION = "2";
        static final String ALGORITHM = "PBEWithMD5AndDES";
        static final int ITERATIONS = 5000;
        static final int KEY_SIZE = 32;
        static final byte[] SALT = {-92, 11, -56, 52, -42, -107, -13, 19};
        static final byte[] ZERO_AES_IV = new byte[16];
        private static final String CRYPTO_VER = "2";
        private final String cryptoAlg;
        private final SecretKey secretKey;
        private final AlgorithmParameterSpec paramSpec;

        JetS3tV2(String str, String str2) throws GeneralSecurityException {
            this.cryptoAlg = str;
            Cipher create = InsecureCipherFactory.create(this.cryptoAlg);
            String upperCase = this.cryptoAlg.toUpperCase(Locale.ROOT);
            if (!upperCase.startsWith("PBE")) {
                throw new GeneralSecurityException(JGitText.get().encryptionOnlyPBE);
            }
            this.secretKey = SecretKeyFactory.getInstance(str).generateSecret(new PBEKeySpec(str2.toCharArray(), SALT, 5000, 32));
            if (upperCase.contains(AESPrivateKeyObfuscator.CIPHER_NAME)) {
                this.paramSpec = new PBEParameterSpec(SALT, 5000, new IvParameterSpec(ZERO_AES_IV));
            } else {
                this.paramSpec = new PBEParameterSpec(SALT, 5000);
            }
            create.init(1, this.secretKey, this.paramSpec);
            create.doFinal();
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        void request(HttpURLConnection httpURLConnection, String str) {
            httpURLConnection.setRequestProperty(String.valueOf(str) + WalkEncryption.JETS3T_CRYPTO_VER, "2");
            httpURLConnection.setRequestProperty(String.valueOf(str) + WalkEncryption.JETS3T_CRYPTO_ALG, this.cryptoAlg);
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        void validate(HttpURLConnection httpURLConnection, String str) throws IOException {
            validateImpl(httpURLConnection, str, "2", this.cryptoAlg);
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        OutputStream encrypt(OutputStream outputStream) throws IOException {
            try {
                Cipher create = InsecureCipherFactory.create(this.cryptoAlg);
                create.init(1, this.secretKey, this.paramSpec);
                return new CipherOutputStream(outputStream, create);
            } catch (GeneralSecurityException e) {
                throw error(e);
            }
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        InputStream decrypt(InputStream inputStream) throws IOException {
            try {
                Cipher create = InsecureCipherFactory.create(this.cryptoAlg);
                create.init(2, this.secretKey, this.paramSpec);
                return new CipherInputStream(inputStream, create);
            } catch (GeneralSecurityException e) {
                throw error(e);
            }
        }
    }

    /* loaded from: input_file:org/eclipse/jgit/transport/WalkEncryption$Keys.class */
    interface Keys {
        public static final String JGIT_PROFILE = "jgit-crypto-profile";
        public static final String JGIT_VERSION = "jgit-crypto-version";
        public static final String JGIT_CONTEXT = "jgit-crypto-context";
        public static final String X_ALGO = ".algo";
        public static final String X_KEY_ALGO = ".key.algo";
        public static final String X_KEY_SIZE = ".key.size";
        public static final String X_KEY_ITER = ".key.iter";
        public static final String X_KEY_SALT = ".key.salt";
    }

    /* loaded from: input_file:org/eclipse/jgit/transport/WalkEncryption$NoEncryption.class */
    private static class NoEncryption extends WalkEncryption {
        private NoEncryption() {
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        void request(HttpURLConnection httpURLConnection, String str) {
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        void validate(HttpURLConnection httpURLConnection, String str) throws IOException {
            validateImpl(httpURLConnection, str, "", "");
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        InputStream decrypt(InputStream inputStream) {
            return inputStream;
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        OutputStream encrypt(OutputStream outputStream) {
            return outputStream;
        }

        /* synthetic */ NoEncryption(NoEncryption noEncryption) {
            this();
        }
    }

    /* loaded from: input_file:org/eclipse/jgit/transport/WalkEncryption$SymmetricEncryption.class */
    static abstract class SymmetricEncryption extends WalkEncryption implements Keys, Vals {
        final String profile;
        final String version;
        final String cipherAlgo;
        final String paramsAlgo;
        final SecretKey secretKey;
        volatile String context;
        volatile Cipher decryptCipher;

        SymmetricEncryption(Properties properties) throws GeneralSecurityException {
            this.profile = properties.getProperty(AmazonS3.Keys.CRYPTO_ALG);
            this.version = properties.getProperty(AmazonS3.Keys.CRYPTO_VER);
            String property = properties.getProperty("password");
            this.cipherAlgo = properties.getProperty(String.valueOf(this.profile) + Keys.X_ALGO, "PBEWithMD5AndDES");
            String property2 = properties.getProperty(String.valueOf(this.profile) + Keys.X_KEY_ALGO, "PBEWithMD5AndDES");
            String property3 = properties.getProperty(String.valueOf(this.profile) + Keys.X_KEY_SIZE, DEFAULT_KEY_SIZE);
            String property4 = properties.getProperty(String.valueOf(this.profile) + Keys.X_KEY_ITER, DEFAULT_KEY_ITER);
            String property5 = properties.getProperty(String.valueOf(this.profile) + Keys.X_KEY_SALT, DEFAULT_KEY_SALT);
            Cipher create = InsecureCipherFactory.create(this.cipherAlgo);
            try {
                try {
                    try {
                        SecretKey generateSecret = SecretKeyFactory.getInstance(property2).generateSecret(new PBEKeySpec(property.toCharArray(), DatatypeConverter.parseHexBinary(property5.replaceAll(Vals.REGEX_WS, "")), Integer.parseInt(property4), Integer.parseInt(property3)));
                        String upperCase = this.cipherAlgo.toUpperCase(Locale.ROOT);
                        Matcher matcher = Pattern.compile(Vals.REGEX_PBE).matcher(upperCase);
                        Matcher matcher2 = Pattern.compile(Vals.REGEX_TRANS).matcher(upperCase);
                        if (matcher.matches()) {
                            this.paramsAlgo = this.cipherAlgo;
                            this.secretKey = generateSecret;
                        } else {
                            if (!matcher2.find()) {
                                throw new GeneralSecurityException(MessageFormat.format(JGitText.get().unsupportedEncryptionAlgorithm, this.cipherAlgo));
                            }
                            this.paramsAlgo = matcher2.group(1);
                            this.secretKey = new SecretKeySpec(generateSecret.getEncoded(), this.paramsAlgo);
                        }
                        create.init(1, this.secretKey);
                        create.doFinal();
                    } catch (Exception e) {
                        throw securityError(Keys.X_KEY_SALT + property5);
                    }
                } catch (Exception e2) {
                    throw securityError(Keys.X_KEY_ITER + property4);
                }
            } catch (Exception e3) {
                throw securityError(Keys.X_KEY_SIZE + property3);
            }
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        OutputStream encrypt(OutputStream outputStream) throws IOException {
            try {
                Cipher create = InsecureCipherFactory.create(this.cipherAlgo);
                create.init(1, this.secretKey);
                AlgorithmParameters parameters = create.getParameters();
                if (parameters == null) {
                    this.context = "";
                } else {
                    this.context = Base64.encodeBytes(parameters.getEncoded());
                }
                return new CipherOutputStream(outputStream, create);
            } catch (Exception e) {
                throw error(e);
            }
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        void request(HttpURLConnection httpURLConnection, String str) throws IOException {
            httpURLConnection.setRequestProperty(String.valueOf(str) + Keys.JGIT_PROFILE, this.profile);
            httpURLConnection.setRequestProperty(String.valueOf(str) + Keys.JGIT_VERSION, this.version);
            httpURLConnection.setRequestProperty(String.valueOf(str) + Keys.JGIT_CONTEXT, this.context);
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        void validate(HttpURLConnection httpURLConnection, String str) throws IOException {
            String headerField = httpURLConnection.getHeaderField(String.valueOf(str) + Keys.JGIT_PROFILE);
            String headerField2 = httpURLConnection.getHeaderField(String.valueOf(str) + Keys.JGIT_VERSION);
            String headerField3 = httpURLConnection.getHeaderField(String.valueOf(str) + Keys.JGIT_CONTEXT);
            if (headerField == null) {
                throw new IOException(MessageFormat.format(JGitText.get().encryptionError, Keys.JGIT_PROFILE));
            }
            if (headerField2 == null) {
                throw new IOException(MessageFormat.format(JGitText.get().encryptionError, Keys.JGIT_VERSION));
            }
            if (headerField3 == null) {
                throw new IOException(MessageFormat.format(JGitText.get().encryptionError, Keys.JGIT_CONTEXT));
            }
            if (!this.profile.equals(headerField)) {
                throw new IOException(MessageFormat.format(JGitText.get().unsupportedEncryptionAlgorithm, headerField));
            }
            if (!this.version.equals(headerField2)) {
                throw new IOException(MessageFormat.format(JGitText.get().unsupportedEncryptionVersion, headerField2));
            }
            try {
                this.decryptCipher = InsecureCipherFactory.create(this.cipherAlgo);
                if (headerField3.isEmpty()) {
                    this.decryptCipher.init(2, this.secretKey);
                    return;
                }
                AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(this.paramsAlgo);
                algorithmParameters.init(Base64.decode(headerField3));
                this.decryptCipher.init(2, this.secretKey, algorithmParameters);
            } catch (Exception e) {
                throw error(e);
            }
        }

        @Override // org.eclipse.jgit.transport.WalkEncryption
        InputStream decrypt(InputStream inputStream) throws IOException {
            try {
                return new CipherInputStream(inputStream, this.decryptCipher);
            } finally {
                this.decryptCipher = null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/eclipse/jgit/transport/WalkEncryption$Vals.class */
    public interface Vals {
        public static final String DEFAULT_VERS = "0";
        public static final String DEFAULT_ALGO = "PBEWithMD5AndDES";
        public static final String DEFAULT_KEY_ALGO = "PBEWithMD5AndDES";
        public static final String DEFAULT_KEY_SIZE = Integer.toString(32);
        public static final String DEFAULT_KEY_ITER = Integer.toString(5000);
        public static final String DEFAULT_KEY_SALT = DatatypeConverter.printHexBinary(JetS3tV2.SALT);
        public static final String EMPTY = "";
        public static final String REGEX_WS = "\\s+";
        public static final String REGEX_PBE = "(PBE).*(WITH).+(AND).+";
        public static final String REGEX_TRANS = "(.+)/(.+)/(.+)";
    }

    WalkEncryption() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract OutputStream encrypt(OutputStream outputStream) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void request(HttpURLConnection httpURLConnection, String str) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void validate(HttpURLConnection httpURLConnection, String str) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract InputStream decrypt(InputStream inputStream) throws IOException;

    protected void validateImpl(HttpURLConnection httpURLConnection, String str, String str2, String str3) throws IOException {
        String headerField = httpURLConnection.getHeaderField(String.valueOf(str) + JETS3T_CRYPTO_VER);
        if (headerField == null) {
            headerField = "";
        }
        if (!str2.equals(headerField)) {
            throw new IOException(MessageFormat.format(JGitText.get().unsupportedEncryptionVersion, headerField));
        }
        String headerField2 = httpURLConnection.getHeaderField(String.valueOf(str) + JETS3T_CRYPTO_ALG);
        if (headerField2 == null) {
            headerField2 = "";
        }
        if (!str3.equalsIgnoreCase(headerField2)) {
            throw new IOException(MessageFormat.format(JGitText.get().unsupportedEncryptionAlgorithm, headerField2));
        }
    }

    IOException error(Throwable th) {
        return new IOException(MessageFormat.format(JGitText.get().encryptionError, th.getMessage()), th);
    }

    static GeneralSecurityException securityError(String str) {
        return new GeneralSecurityException(MessageFormat.format(JGitText.get().encryptionError, str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static WalkEncryption instance(Properties properties) throws GeneralSecurityException {
        String property = properties.getProperty(AmazonS3.Keys.CRYPTO_ALG, "PBEWithMD5AndDES");
        String property2 = properties.getProperty(AmazonS3.Keys.CRYPTO_VER, Vals.DEFAULT_VERS);
        String property3 = properties.getProperty("password");
        if (property3 == null) {
            return NONE;
        }
        switch (property2.hashCode()) {
            case 48:
                if (property2.equals(Vals.DEFAULT_VERS)) {
                    return new JetS3tV2(property, property3);
                }
                break;
            case 49:
                if (property2.equals("1")) {
                    return new JGitV1(property, property3);
                }
                break;
            case 50:
                if (property2.equals("2")) {
                    return new JGitV2(properties);
                }
                break;
        }
        throw new GeneralSecurityException(MessageFormat.format(JGitText.get().unsupportedEncryptionVersion, property2));
    }
}
